HP Versus The World

Meg Whitman says, "HP's traditional highly profitable markets face significant disruption. Wintel devices are being challenged by ARM-based devices," she said. "The disruptive forces are very tough and very real, and they are accelerating. We are seeing profound changes in the competitive landscape. Our competitors are expanding across the IT stack. Current partners like Intel and Microsoft are turning from partners to outright competitors."

I say good! Change is good! Disruptive forces can be the best forces to hit the market. HP is one of the stalwart status quo players in the game. Much in the same way Kia and Hyundai follow the Japanese in car design, HP has a reputation for following trends. Their corporate structure is a monstrosity and moves like a blind sloth with the discerning tastes of an amoeba.

Dell crushed them in the 90's. I am looking forward to the next disruptive change in the landscape taking down the behemoth for good.

Hp is to the computer industry what Jabba the Hut was to Star Wars.

TRA Consulting

Trust People, Not Addresses

Don’t trust unsolicited files or embedded links, under any circumstances.

It’s easy to spoof e-mail addresses, so that an e-mail seems to come from someone other than the real sender (who may in any case be a spam tool rather than a human being). Basic SMTP does not validate the sender’s address in the “From” field, though well-secured mail services do often include such functionality.

It is also possible for mail to be sent from your account without your knowledge, by malware, though malware that works in this way is far rarer than it used to be. It’s far more effective for a spammer to hire the services of a bot-herder nowadays, and malware that manages to infect your system doesn’t have to use your mail account or client software to send spam, scams and malware on to other victims.

There are many ways to disguise a harmful link so that it looks like something quite different, whether it’s in e-mail, chat or whatever. The disguising of malicious links in phishing e-mails so that they appear to go to a legitimate site has obligated developers to reengineer browsers to make it easier to spot such spoofing.

However, too many people forget to make use of elementary precautions such as passing the mouse cursor over the link so that the real link shows up. In any case, it’s not always easy to distinguish a genuine site from a fake site just from the URL, even if the URL is rendered correctly..

TRA Consulting

375 Redondo Avenue #153

Long Beach, CA 90814

562-225-4222

Good Password Practices

Use different passwords for your computer and online services. And it is good to segment your online service passwords, or keep them altogether different. I have seen a number of systems for doing this; some bad, some mediocre, and some extremely sophisticated. My favorite involves a root password that varies depending on the year, and whether the online account is email, social media, banking, low security, etc.

It is good practice to change passwords on a regular basis and to avoid simple passwords; especially those that are easily guessed. It’s debatable whether enforced, frequent changes of complicated passwords are always constructive (making you trade a security vulnerability for a social engineering vulnerability if you have a tendency to write your passwords down and hide them under the keyboard).

If a criminal guesses or cracks one of your passwords, using different passwords for other services and for your system passwords considerably limits the damage that he or she can do. If, on the other hand, you use the same password for all of your accounts, you run the risk that one lucky guess will give the criminal the keys to the kingdom. One of the reasons that trivial accounts are sometimes phished is that they give a cracker a head start on guessing the password for other, more profitable accounts.

Do you need administrative privileges?

Use an account on your computer that doesn’t have administrative privileges to reduce the likelihood of installing malware; and to reduce the likelihood of making severe and catastrophic changes to your system. Password protect the “administrator” account, and create a “limited” user account for daily use.

Most system administrators adhere to the principle of “least privilege”. That is, users should only be given the least amount of access and privilege necessary to perform their duties. The more privilege you have, the more damage a user can do; intentionally or unwittingly.

If you happen to run a small business with a file server or a workstation acting as a file server and you have not limited access to critical data from your users, you have a ticking time-bomb waiting to go off. Run through a scenario of what would happen if all of your data was wiped out. Is your data backed up? Do you have redundancy? In this scenario, some organization would cease to operate; in other cases an organization’s operations would be severely crippled. Don’t be that organization. Contact TRA for a free consultation and analysis.